P
US12355818B2ActiveUtilityPatentIndex 51

Methods, systems, and computer readable media for improving inter-public land mobile network (PLMN) routing across security edge protection proxies (SEPPs) by implementing health checks for remote SEPPs

Assignee: ORACLE INT CORPPriority: Jan 19, 2023Filed: Jan 19, 2023Granted: Jul 8, 2025
Est. expiryJan 19, 2043(~16.6 yrs left)· nominal 20-yr term from priority
Inventors:RAJPUT JAYSINGH VIRENDRAMOHAN RAJ JOHN NIRMAL
H04L 63/0281H04W 84/042H04L 63/20
51
PatentIndex Score
0
Cited by
17
References
16
Claims

Abstract

A method for improving inter-PLMN routing by implementing health checks for remote SEPPs includes storing a target SEPP database including records corresponding to remote SEPPs to which SBI request messages can be routed. The method further includes receiving SBI request messages destined for NFs in PLMNs protected by the remote SEPPs, using the target SEPP database to select and route messages to the remote SEPPs. The method further includes, for each of the remote SEPPs, sending a health check message to the remote SEPP, determining, based on a response or lack of a response to the health check message that the remote SEPP is unhealthy or unreachable, and, in response, removing a record for the remote SEPP from the target SEPP database or marking the record for the remote SEPP to indicate that the remote SEPP is unhealthy or unreachable.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for improving inter-public land mobile network (PLMN) routing by implementing health checks for remote security edge protection proxies (SEPPs), the method comprising:
 storing, at an SEPP, a target SEPP database including records corresponding to the remote SEPPs to which service based interface (SBI) request messages can be routed, wherein storing the target SEPP database includes storing, for each record in the target SEPP database, a priority and a capacity of a corresponding remote SEPP; 
 receiving, by the SEPP, SBI request messages destined for network functions (NFs) in PLMNs protected by the remote SEPPs; 
 using, by the SEPP, the target SEPP database to select remote SEPPs to which the SBI request messages should be routed, wherein using the target SEPP database to select the remote SEPPs includes, for each SBI request message, selecting an SEPP identifier corresponding to an SEPP having a lowest priority and an available capacity among SEPP identifiers in the target SEPP database; 
 routing, by the SEPP, the SBI request messages to the remote SEPPs selected using the target SEPP database; and 
 for each of the remote SEPPs corresponding to one of the records in the target SEPP database, sending, by the SEPP, a health check message to a remote SEPP, determining, based on a response or lack of a response from the remote SEPP to the health check message that the remote SEPP is unhealthy or unreachable, and, in response, removing a record for the remote SEPP from the target SEPP database or marking the record for the remote SEPP in the target SEPP database to indicate that the remote SEPP is unhealthy or unreachable. 
 
     
     
       2. The method of  claim 1  wherein sending a health check message to each of the remote SEPPs includes sending a security capability negotiation message to each of the remote SEPPs. 
     
     
       3. The method of  claim 2  wherein sending a security capability negotiation message includes sending an N32-C security capability negotiation message to each of the remote SEPPs. 
     
     
       4. The method of  claim 3  wherein sending the N32-C security capability negotiation message includes sending a hypertext transfer protocol (HTTP) POST message with an information element indicating a purpose of the HTTP POST message is health check. 
     
     
       5. The method of  claim 1  wherein sending the health check message to each of the remote SEPPs includes periodically sending the health check message to each of the remote SEPPs. 
     
     
       6. The method of  claim 1  wherein sending the health check message to each of the remote SEPPs includes sending a health check message to a first SEPP of the remote SEPPs in response to failing to receive traffic from the first SEPP for a configured duration. 
     
     
       7. The method of  claim 1  comprising refraining from routing the SBI request messages to the remote SEPP whose record has been removed or marked to indicate that the remote SEPP is unhealthy or unreachable. 
     
     
       8. A method for improving inter-public land mobile network (PLMN) routing by implementing health checks for remote security edge protection proxies (SEPPs), the method comprising:
 storing, at an SEPP, a target SEPP database including records corresponding to the remote SEPPs to which service based interface (SBI) request messages can be routed; 
 receiving, by the SEPP, SBI request messages destined for network functions (NFs) in PLMNs protected by the remote SEPPs; 
 using, by the SEPP, the target SEPP database to select remote SEPPs to which the SBI request messages should be routed; 
 routing, by the SEPP, the SBI request messages to the remote SEPPs selected using the target SEPP database; and 
 for each of the remote SEPPs corresponding to one of the records in the target SEPP database, sending, by the SEPP, a health check message to a remote SEPP, determining, based on a response or lack of a response from the remote SEPP to the health check message that the remote SEPP is unhealthy or unreachable, and, in response, removing a record for the remote SEPP from the target SEPP database or marking the record for the remote SEPP in the target SEPP database to indicate that the remote SEPP is unhealthy or unreachable, wherein sending a health check message to each of the remote SEPPs includes sending a health check message to a first SEPP of the remote SEPPs in response to receiving erroneous traffic from the first SEPP for a configured duration. 
 
     
     
       9. A system for improving inter-public land mobile network (PLMN) routing by implementing health checks for remote security edge protection proxies (SEPPs), the system comprising:
 an SEPP including at least one processor and a memory; 
 a target SEPP database stored in the memory and including records corresponding to the remote SEPPs to which service based interface (SBI) request messages can be routed, wherein the target SEPP database includes, for each record in the target SEPP database, a priority and a capacity of a corresponding remote SEPP; 
 an inter-PLMN message router for receiving SBI request messages destined for network functions (NFs) in PLMNs protected by the remote SEPPs, using the target SEPP database to select remote SEPPs to which the SBI request messages should be routed, and routing the SBI request messages to the remote SEPPs selected using the target SEPP database, wherein, in selecting the remote SEPPs to which the SBI request messages should be routed, the inter-PLMN message router is configured to, for each SBI request message, select an SEPP identifier corresponding to an SEPP having a lowest priority and an available capacity among SEPP identifiers in the target SEPP database; and 
 a remote SEPP health checker configured to, for each of the remote SEPPs corresponding to one of the records in the target SEPP database, send a health check message to a remote SEPP, determine, based on a response or lack of a response from the remote SEPP to the health check message, that the remote SEPP is unhealthy or unreachable, and, in response, remove a record for the remote SEPP from the target SEPP database or mark the record for the remote SEPP in the target SEPP database to indicate that the remote SEPP is unhealthy or unreachable. 
 
     
     
       10. The system of  claim 9  wherein the health check message comprises a security capability negotiation message. 
     
     
       11. The system of  claim 10  wherein the security capability negotiation message comprises an N32-C security capability negotiation message. 
     
     
       12. The system of  claim 11  wherein the N32-C security capability negotiation message comprises a hypertext transfer protocol (HTTP) POST message with an information element indicating a purpose of the HTTP POST message is health check. 
     
     
       13. The system of  claim 9  wherein the remote SEPP health checker is configured to periodically transmit the health check message to each of the remote SEPPs. 
     
     
       14. The system of  claim 9  wherein the remote SEPP health checker is configured to transmit a health check message to a first SEPP of the remote SEPPs in response to failing to receive traffic from the first SEPP for a configured duration. 
     
     
       15. A system for improving inter-public land mobile network (PLMN) routing by implementing health checks for remote security edge protection proxies (SEPPs), the system comprising:
 an SEPP including at least one processor and a memory; 
 a target SEPP database stored in the memory and including records corresponding to the remote SEPPs to which service based interface (SBI) request messages can be routed; 
 an inter-PLMN message router for receiving SBI request messages destined for network functions (NFs) in PLMNs protected by the remote SEPPs, using the target SEPP database to select remote SEPPs to which the SBI request messages should be routed, and routing the SBI request messages to the remote SEPPs selected using the target SEPP database; and 
 a remote SEPP health checker configured to, for each of the remote SEPPs corresponding to one of the records in the target SEPP database, send a health check message to a remote SEPP, determine, based on a response or lack of a response from the remote SEPP to the health check message, that the remote SEPP is unhealthy or unreachable, and, in response, remove a record for the remote SEPP from the target SEPP database or mark the record for the remote SEPP in the target SEPP database to indicate that the remote SEPP is unhealthy or unreachable, wherein the remote SEPP health checker is configured to transmit a health check message to a first SEPP of the remote SEPPs in response to receiving erroneous traffic from first SEPP for a configured duration. 
 
     
     
       16. A non-transitory computer readable medium having stored thereon executable instructions that, when executed by a processor of a computer, control the computer to perform steps comprising:
 storing, at a security edge protection proxy (SEPP), a target SEPP database including records corresponding to remote SEPPs to which service based interface (SBI) request messages can be routed, wherein storing the target SEPP database includes storing, for each record in the target SEPP database, a priority and a capacity of a corresponding remote SEPP; 
 receiving, by the SEPP, SBI request messages destined for network functions (NFs) in PLMNs protected by the remote SEPPs; 
 using, by the SEPP, the target SEPP database to select remote SEPPs to which the SBI request messages should be routed, wherein using the target SEPP database to select the remote SEPPs includes, for each SBI request message, selecting an SEPP identifier corresponding to an SEPP having a lowest priority and an available capacity among SEPP identifiers in the target SEPP database; 
 routing, by the SEPP, the SBI request messages to the remote SEPPs selected using the target SEPP database; and 
 for each of the remote SEPPs corresponding to one of the records in the target SEPP database, sending, by the SEPP, a health check message to a remote SEPP, determining, based on a response or lack of a response to the health check message from the remote SEPP that the remote SEPP is unhealthy or unreachable, and, in response, removing a record for the remote SEPP from the target SEPP database or marking the record for the remote SEPP in the target SEPP database to indicate that the remote SEPP is unhealthy or unreachable.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.